1. (Currently Amended) A computer-implemented process for
authenticating a workstation requesting a network service from a network server via a
computer network, comprising the steps:

completing a vulnerability assessment comprising a scan of the
workstation to identify at least one of security vulnerabilities that would compromise the
secure operation of the workstation on the computer network and evidence of a
compromise;

generating workstation security credentials based on the vulnerability
assessment, the workstation security credentials comprising one of integrity information
describing whether the workstation has been compromised, and security posture
information describing the workstation's potential for compromise;

comparing the workstation security credentials to a workstation security
policy to determine whether the workstation should be granted access to the network
service; and

authorizing access to the network service by the workstation if the
workstation security credentials satisfy the workstation security policy, otherwise
denying access to the network service by the workstation.

2. (Original) The computer-implemented process recited by Claim 1
further comprising the step of authorizing access to a predetermined level of the network
service if the workstation security credentials satisfy a portion of the workstation security
policy.
3. (Currently Amended) The computer-implemented process recited by
Claim 1 A computer-implemented process for authenticating a workstation requesting a
network service from a network server via a computer network, comprising the steps:

completing a vulnerability assessment of the workstation to identify
security vulnerabilities that would compromise the secure operation of the workstation on
the computer network;

generating workstation security credentials based on the vulnerability
assessment, the workstation security credentials comprising one of integrity information
describing whether the workstation has been compromised, and security posture
information describing the workstation's potential for compromise, wherein the step of
generating the workstation security credentials comprises completing the vulnerability
assessment of the workstation by a local workstation assessment service maintained on
the workstation, the local workstation assessment service operative to generate the
workstation security credentials;

comparing the workstation security credentials to a workstation security
policy to determine whether the workstation should be granted access to the network
service; and

authorizing access to the network service by the workstation if the
workstation security credentials satisfy the workstation security policy, otherwise
denying access to the network service by the workstation.

4. (Original) The computer-implemented process recited by Claim 3,
wherein the workstation security policy is maintained on the workstation, the process
further comprising the step of providing the workstation security credentials from the
local workstation assessment service to the workstation security policy.

5. (Cancelled)

6. (Currently Amended) The computer-implemented process recited by
Claim 5 A computer-implemented process for authenticating a workstation requesting a
network service from a network server via a computer network, comprising the steps:

completing a vulnerability assessment of the workstation to identify
security vulnerabilities that would compromise the secure operation of the workstation on
the computer network;

generating workstation security credentials based on the vulnerability
assessment, the workstation security credentials comprising one of integrity information
describing whether the workstation has been compromised, and security posture
information describing the workstation's potential for compromise, wherein the step of
generating the workstation security credentials comprises completing the vulnerability
assessment of the workstation by a network workstation assessment service maintained
on the network server, the network workstation assessment service operative to generate
the workstation security credentials, wherein the workstation security policy is
maintained on the workstation, the process further comprising the step of

providing the workstation security credentials from the network
workstation assessment service to the workstation security policy on the workstation via
the computer network;

comparing the workstation security credentials to a workstation security
policy to determine whether the workstation should be granted access to the network
service; and

authorizing access to the network service by the workstation if the
workstation security credentials satisfy the workstation security policy, otherwise
denying access to the network service by the workstation.

7. (Original) The computer-implemented process recited by Claim 1,
wherein the step of generating the workstation security credentials comprises completing
the vulnerability assessment of the workstation by a network workstation assessment
service maintained on an assessment server coupled to the computer network, the
assessment server operating as a remote server different from the network server, the
network workstation assessment service operative to generate the workstation security
credentials.
8. (Original) The computer-implemented process recited by Claim 7,
wherein the workstation security policy is maintained on the network server, the process
further comprising the steps of:

transmitting the workstation security credentials from the network
workstation assessment service on the assessment server to the network service on the
network server via the computer network; and

comparing at the network server the workstation security
credentials to the workstation security policy to determine whether the workstation
should be granted access to the network service.

9. (Original) The computer-implemented process recited by Claim 8
further comprising the step of communicating a service decision from the network server
to the workstation via the computer network, the service decision defining whether the
workstation is allowed to access the network service or a degraded form of the network
service.

10. (Original) The computer-implemented process recited by Claim 1,
wherein the step of generating the workstation security credentials comprises completing
the vulnerability assessment of the workstation by the network service on the network
server in response to receiving a request for the network service from the workstation via
the computer network.

11. (Original) The computer-implemented process recited by Claim 10,
wherein the workstation security policy is maintained on the network server, the process
further comprising the step of comparing at the network server the workstation security
credentials to the workstation security policy to determine whether the workstation
should be granted access to the network service or a degraded form of the network
service.

12. (Currently Amended) A network security system for authenticating a
workstation requesting a network service from a network server via a computer network,
comprising:

a local workstation assessment service, operative on the workstation, for
generating workstation security credentials by completing a vulnerability assessment of
the workstation comprising a scan to identify at least one of security vulnerabilities that
would compromise the secure operation of the workstation on the computer network and
evidence of a compromise, the workstation security credentials comprising one of
integrity information describing whether the workstation has been compromised, and
security posture information describing the workstation's potential for compromise; and

a workstation security policy, operative on the workstation, for defining
security policy requirements for secure operations by the workstation;

the local workstation assessment service further operative for comparing
the workstation security credentials to the workstation security policy to determine
whether the workstation should be granted access to the network service,

the local workstation assessment service further operative to authorize
access to the network service by the workstation if the workstation security credentials
satisfy the workstation security policy.

13. (Currently amended) A network security system for authenticating a
workstation requesting a network service from a network server via a computer network,
comprising:

a local workstation assessment service, operative on the workstation, for
generating workstation security credentials by completing a vulnerability assessment
comprising a scan of the workstation to identify at least one of security vulnerabilities
that would compromise the secure operation of the workstation on the computer network
and evidence of a compromise, the workstation security credentials comprising one of
integrity information describing whether the workstation has been compromised, and
security posture information describing the workstation's potential for compromise; and

a network service, operative on the network server, for determining
whether the workstation should be granted access to a software service of the network
service in response to receiving the workstation security credentials via the computer
network.
14. (Original) The network security system recited by Claim 13 further
comprising a workstation security policy at the network server, the workstation security
policy operative to define security requirements for secure operation of the workstation
on the computer network.

15. (Original) The network security system recited by Claim 14, wherein
the network service is further operative for comparing the workstation security
credentials to the workstation security policy to determine whether the workstation
should be granted access to the software service, the network service operative to
authorize access to the software service by the workstation if the workstation security
credentials satisfy the workstation security policy.



16. (Currently amended) A network security system for authenticating a
workstation requesting a network service from a network server via a computer network,
comprising:

the network service operative to generate workstation security credentials
by completing a vulnerability assessment comprising a scan of the workstation to identify
at least one of security vulnerabilities that would compromise the secure operation of the
workstation on the computer network and evidence of a compromise, the workstation
security credentials comprising one of integrity information describing whether the
workstation has been compromised, and security posture information describing the
workstation's potential for compromise;

the network service further operative to determine whether the workstation
should be granted access to a software service of the network based on the workstation
security credentials.

17. (Original) The network security system recited by Claim 16 further
comprising a workstation security policy at the network server, the workstation security
policy operative to define security requirements for secure operation of the workstation
on the computer network.

18. (Original) The network security system recited by Claim 17, wherein
the network service is further operative to compare the workstation security credentials to
the workstation security policy to determine whether the workstation should be granted
access to the software service, the network service operative to authorize access to the
software service by the workstation if the workstation security credentials satisfy the
workstation security policy.

19. (Currently amended) A computer-implemented process for
authenticating a workstation requesting a network service from a network server via a
computer network, comprising the steps:

issuing a request for a log-in page to a network server from a browser
operating on the workstation;

transmitting the log-in page and an authentication plug-in from the
network server to the workstation via the computer network, the authentication plug-in
installable within the browser and operative to generate workstation security credentials
by completing a vulnerability assessment comprising a scan of the workstation to identify
at least one of security vulnerabilities that would compromise the secure operation of the
workstation on the computer network and evidence of a compromise, the workstation
security credentials comprising one of integrity information describing whether the
workstation has been compromised, and security posture information describing the
workstation's potential for compromise;

transmitting the workstation security credentials from the authentication
plug-in to the network server via the computer network; and

determining at a CGI script operating on the network server whether the
workstation should be granted access to a software service of the network based on the
workstation security credentials.

20. (Original) The computer-implemented process recited by Claim 19
wherein the step of determining whether the workstation should be granted access to the
software service comprises the step of the CGI script comparing the workstation security
credentials to a workstation security policy maintained at the network server to determine
whether the workstation should be granted access to the software service;

if the workstation security credentials satisfies the workstation
security policy, then authorizing access to the software service and directing the browser
to the log-in page via the computer network.

otherwise, denying access to the software service and delivering an
access denied page to the workstation via the computer network.



21. (Currently Amended) A network security system for authenticating a
workstation requesting a network service operating on a network server via a computer
network, comprising:

a network assessment service operating on a network workstation
assessment server on the computer network, the network assessment service operative to
generate workstation security credentials prior to receiving user credentials by
completing a vulnerability assessment comprising a scan of the workstation via the
computer network to identify at least one of security vulnerabilities that would
compromise the secure operation of the workstation on the computer network and
evidence of a compromise, the workstation security credentials comprising one of
integrity information describing whether the workstation has been compromised, and
security posture information describing the workstation's potential for compromise,

the network service, responsive to receiving the workstation security
credentials from the network assessment service via the computer, operative to determine
whether the workstation should be granted access to a software service of the network
based on the workstation security credentials and the user credentials.

22. (Original) The network security system recited by Claim 21 further
comprising a workstation security policy at the network server, the workstation security
policy operative to define security requirements for secure operation of the workstation
on the computer network.

23. (Original) The network security system recited by Claim 22, wherein
the network service is further operative to compare the workstation security credentials to
the workstation security policy to determine whether the workstation should be granted
access to the software service, the network service operative to authorize access to the
software service by the workstation if the workstation security credentials and the user
credentials satisfy the workstation security policy.

24. (Original) The network security system recited by Claim 21, wherein
the network service is operative to transmit to the network assessment service via the
computer network a request to complete the vulnerability assessment of the workstation
in response to receiving a request for the software service from the workstation.
25. (Currently amended) A computer-implemented process for
authenticating a workstation requesting a network service from a network server via a
computer network, comprising the steps:

issuing a request for a log-in page to a network server from a browser
operating on the workstation;

transmitting the log-in page, an authentication plug-in, and a workstation
policy from the network server to the workstation via the computer network, the
authentication plug-in installable within the browser and operative to generate
workstation security credentials by completing a vulnerability assessment comprising a
scan of the workstation to identify at least one of security vulnerabilities that would
compromise the secure operation of the workstation on the computer network and
evidence of a compromise, the workstation security credentials comprising one of
integrity information describing whether the workstation has been compromised, and
security posture information describing the workstation's potential for compromise;

comparing the workstation security credentials to the workstation policy
on the workstation to determine whether the workstation should be granted access to a
software service of the network; and

receiving user credentials if the workstation is granted access to the
software service of the network.
